Slash 2.2.4 Released

Slash 2.2.4 is released. It is strongly recommended that you
upgrade from version 2.2.0 through 2.2.3. This release fixes an
admin.pl scripting vulnerability which could be used to obtain
passwords or other private information.

What SQL changes have taken place? I've been updating from 2.2.0 to the latest as these bugs have appeared, but now that there seems to be a SQL change, and it's not really documented, I'm a little concerned...

From the notice at the O'Reilly site [oreillynet.com], I gather you just have to look for users with permissions set higher than warranted---in other words, only your authors should have permissions set higher than 1 (or whatever). To quote:

Once Slash has been upgraded, users should check their users seclev field to insure that no unauthorized user has a value equal to or greater than 100, and should change their passwords.
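
An added example (not part of the comments above and not Slash's own code) of the seclev check the quoted notice describes: it lists every account with seclev at or above 100 that is not on an allow-list of known authors. The in-memory SQLite table stands in for the site's database; the `uid` and `nickname` column names, the sample rows and the allow-list are assumptions.

```python
import sqlite3

SECLEV_THRESHOLD = 100  # threshold quoted in the notice


def find_unauthorized_admins(conn, authorized_uids):
    """Return (uid, nickname, seclev) rows at or above the threshold
    whose uid is not on the allow-list of known authors/admins."""
    rows = conn.execute(
        "SELECT uid, nickname, seclev FROM users "
        "WHERE seclev >= ? ORDER BY uid",
        (SECLEV_THRESHOLD,),
    ).fetchall()
    return [row for row in rows if row[0] not in authorized_uids]


def build_sample_db():
    """Constructed sample data; table layout is an assumption."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (uid INTEGER PRIMARY KEY, nickname TEXT, seclev INTEGER)"
    )
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [
            (1, "Anonymous Coward", 0),
            (2, "site_admin", 10000),   # expected: on the allow-list
            (3, "author_alice", 100),   # expected: on the allow-list
            (4, "reader_bob", 1),
            (5, "reader_mallory", 100),  # elevated, not on the allow-list
            (6, "reader_eve", 500),      # elevated, not on the allow-list
        ],
    )
    return conn


if __name__ == "__main__":
    known_authors = {2, 3}  # uids you actually granted author/admin rights
    for uid, nickname, seclev in find_unauthorized_admins(build_sample_db(), known_authors):
        print(f"REVIEW uid={uid} nickname={nickname} seclev={seclev}")
```

Any row this reports should have its seclev reset, and, as the notice says, passwords should be changed after the upgrade.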